Security Labs

Alerts

BOOKMARK THIS ALERT
  digg   |     del.icio.us   |     reddit
  newsvine   |     furl   |     technorati

Malicious FedEx Notification Emails

Date:08.18.2008

Threat Type: Malicious Web Site / Malicious Code

Websense® Security Labs™ ThreatSeeker™ Network has discovered a new campaign of malicious spam posing as FedEx notifications.

The notifications claim to be from FedEx and explain that a package sent by the recipient in the past month was not delivered. The message has an attachment claimed to be a copy of the invoice. The attachment is in a zip file but is actually a Trojan Downloader.

This spam wave is a continuation of an ongoing theme used in recent months of using a parcel service invoice as the social engineering attack vector.

Here is a screenshot of the malicious email:

 

Websense Messaging and Websense Web Security customers are protected against this attack.